In case of a security breach, cloud providers must have an incident response process that includes procedures for containing the incident and notifying Covered Entities in accordance with HITECH.

If you’re a Covered Entity under HIPAA, you may be torn between moving your data into the cloud or continuing to maintain it in your own data center. Either way, you must be sure you’re complying with HIPAA requirements.

For highly regulated industries like healthcare with strict compliance requirements, the cloud presents a particular challenge. “When it comes to the cloud, privacy and security is a big deal for Covered Entities,” says Von Williams, security analyst for Logicalis. “While it remains the ultimate responsibility of the Covered Entity to comply with HIPAA, there are policies and procedures that a cloud provider can have in place to lift the burden of securing at-rest and in-transit data from the shoulders of the Covered Entity.” The key, Williams says, is in knowing what to look for.

To help IT pros assess a potential cloud provider’s HIPAA readiness, Logicalis has developed a 10-point checklist addressing privacy and security of healthcare data.
